[VPN] Application timeouts over VPN...HELP!

Mike Hancock Mike.Hancock at sourcemed.net
Wed Apr 2 10:24:24 EST 2003


We have a good and solid VPN between a Checkpoint and a NetScreen, it's
up and solid. I can send 100 pings and get 100% response. Ping times
across the tunnel are 63ms average.  The developers for each company
keep saying that the "firewall" is dropping the packets. And it is.
Application A starts the session (syn), App B answers (synack), App
A (ack)....no problem. The apps even talk out to the correct DST ports.
Problem comes when App A tries to send info over the established session
(example src port 2565) but sends it out 65 seconds since the last
communications, the firewalls time out the session and App A should
resend over a new source port. It never does. It will try till its dying
days to communicate over that FIRST session.
 
I am a router firewall guy and not a programmer, is there anything that
I can do to lessen the problem from a firewall/VPN point of view? I keep
saying that they need to speed up response times on their TCP
communications and send "heartbeats". They call me "Non-Helpful".
 
I just want to fix it. Any ideas?
 
 
App A-----------------Checkpoint========INTERNET===========NetScreen----------------------App B
 
 

_______________________________ 
Mike 
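
The "heartbeat" idea from the message above can be done at the TCP layer with keepalive probes, so an idle session still puts a packet through both firewalls before their session timer expires. This is an added example, not part of the original post: the 60-second firewall idle timeout and all function names are assumptions, and the socket options are the Linux ones.

```python
import socket

def keepalive_plan(fw_idle_timeout_s, probes=3):
    """Pick timers so the first probe and every retry are sent before the
    firewall's idle timer would drop the session state."""
    if fw_idle_timeout_s < 8:
        raise ValueError("idle timeout too short for kernel keepalives; "
                         "use an application-level heartbeat instead")
    idle = fw_idle_timeout_s // 2          # first probe at half the timeout
    interval = max(1, (fw_idle_timeout_s - idle) // (probes + 1))
    return idle, interval, probes

def probe_schedule(idle, interval, probes):
    """Seconds after the last data packet at which each probe is sent."""
    return [idle + i * interval for i in range(probes)]

def enable_keepalive(sock, idle, interval, probes):
    """Turn on TCP keepalive for one socket (Linux option names)."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)

def connect_with_keepalive(host, port, fw_idle_timeout_s=60):
    """Open a client connection whose idle periods never exceed the
    firewall timeout. 60 s is an assumed value, not taken from the post."""
    idle, interval, probes = keepalive_plan(fw_idle_timeout_s)
    sock = socket.create_connection((host, port))
    enable_keepalive(sock, idle, interval, probes)
    return sock

if __name__ == "__main__":
    idle, interval, probes = keepalive_plan(60)
    print("probes sent at (s):", probe_schedule(idle, interval, probes))
    print("socket fails at (s):", idle + probes * interval)
```

If every probe goes unanswered because the firewall state is already gone, the kernel fails the socket with a timeout error, which gives the application a clear signal to reconnect from a new source port rather than retrying on the dead session.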
